Crypto-licenses in Estonia – Should Your Company Apply?

March 13, 2019

Estonia, being one of the first EU member states to implement the 4th AML directive – by detailing the regulations related to virtual wallets and virtual currency to fiat currency exchanges – has created a favorable jurisdiction for many entrepreneurs to pursue business ventures related to cryptographic assets in Estonia. Illustrating the fact: between November 2017 to March 2019, the Financial Intelligence Unit (FIU) has issued a total of 1367 crypto-related activity licenses, of which 637 have been granted to provide virtual currency wallet service, and 730 to provide a service of exchanging virtual currency to fiat currency. Whereas multiple advisory firms in Estonia advertise that the above licenses are definitely required to conduct an ICO in Estonia, that fact should be analyzed on a case-by-case basis.

Virtual currency definition

As both of these licenses are applied for keeping and transacting with virtual currencies, it should first be assessed whether the crypto asset in question could be considered a „virtual currency“. A definition given to virtual currency in EU law and subsequently in Estonian law includes the following elements: (i) a value represented in digital form; (ii) must be digitally transferable, preservable or tradable; (iii) accepted as a payment instrument by natural or legal persons; (iv) is not the legal tender of any country. While nearly all the elements can be attributed to most cryptographic assets that are offered on the market today, the acceptance of virtual currencies as a payment instrument by natural or legal persons is likely to be most unclear among entrepreneurs and token buyers alike. The legislator has not defined how many natural or legal persons have to accept the coin or token as a payment instrument. However, the FIU has noted that by concluding transactions within a service provided by the issuer and paying with the same tokens issued therein, the token will not be construed to be a virtual currency and thereby does not fall under the AML regulations.

While it may be clear from the article at hand as to what constitutes a service of exchanging a virtual currency against a fiat currency, the same cannot be said for a virtual currency wallet service.
A virtual currency wallet service means a service in the framework of which keys are generated for customers or customers’ encrypted keys are kept, which can be used for keeping, storing and transferring virtual currencies. The FIU has stated that keeping the encrypted keys as a service includes that the service provider agrees to be in possession of the keys in exchange for a certain fee, possibly to guarantee their safekeeping. The possession, in this case, presumes that the service provider retains control over the keys and is enabled to perform certain actions with the virtual wallet (such as making backup copies). Only the wallets that are located within the service provider’s server or cloud storage space can be „kept“ by the service provider. As such, the virtual wallets that are located on the hard disk drive of a token owner and that are not managed by the service provider after the token sale, cannot fall under the AML regulations.

Requirements to apply for virtual wallet and exchange licenses

In addition to the registry information of the Estonian company, and the data relating to the shareholder(s), beneficial owner(s) and management board member(s), the applicant is also required to submit the rules of procedure and internal control rules that detail the AML policies of the company that are applied when providing these licensed services. Furthermore, if the persons associated with the company are not Estonian citizens, it is also required to submit criminal records extract to the FIU stating the absence of criminal offenses.

Situation in practice

Even though in practice we have seen a number of legitimate ways that these licenses are used, we have also come across a number of entrepreneurs using the wallet and exchange licenses to provide certain financial services that fall outside the boundaries of activities for which the licenses were granted. For example, service providers enable its customers to transfer crypto and fiat funds from one account (or wallet) to another, while actually a payment institution activity license must be applied for from the Financial Supervision Authority (FSA) of Estonia to provide said service. Even though the FSA has issued notices to warn consumers that some service providers do not have the license needed to provide the offered services, the large number of cryptocurrency licenses granted make it difficult to conduct regular supervision over these companies, which may possibly bring about additional regulations in the crypto-sphere in the future.